| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.ki.web; |
| |
| import java.io.IOException; |
| import java.io.UnsupportedEncodingException; |
| import java.net.InetAddress; |
| import java.net.URLDecoder; |
| import java.net.UnknownHostException; |
| import java.util.Map; |
| import javax.servlet.ServletRequest; |
| import javax.servlet.ServletResponse; |
| import javax.servlet.http.HttpServletRequest; |
| import javax.servlet.http.HttpServletResponse; |
| |
| import org.apache.commons.logging.Log; |
| import org.apache.commons.logging.LogFactory; |
| |
| import org.apache.ki.SecurityUtils; |
| import org.apache.ki.session.Session; |
| import org.apache.ki.subject.Subject; |
| import org.apache.ki.util.StringUtils; |
| import org.apache.ki.util.ThreadContext; |
| |
| /** |
| * Simple utility class for operations used across multiple class hierarchies in the web framework code. |
| * |
| * <p>Some methods in this class were copied from the Spring Framework so we didn't have to re-invent the wheel, |
| * and in these cases, we have retained all license, copyright and author information. |
| * |
| * @author Les Hazlewood |
| * @author Jeremy Haile |
| * @author Rod Johnson |
| * @author Juergen Hoeller |
| * @since 0.9 |
| */ |
| public class WebUtils { |
| |
| //TODO - complete JavaDoc |
| |
| private static final Log log = LogFactory.getLog(WebUtils.class); |
| |
| |
| /** |
| * Message displayed when a servlet request or response is not bound to the current thread context when expected. |
| */ |
| private static final String NOT_BOUND_ERROR_MESSAGE = |
| "Make sure WebUtils.bind() is being called. (typically called by Apache KiFilter) " + |
| "This could also happen when running integration tests that don't properly call WebUtils.bind()."; |
| |
| public static final String SERVLET_REQUEST_KEY = ServletRequest.class.getName() + "_KI_THREAD_CONTEXT_KEY"; |
| public static final String SERVLET_RESPONSE_KEY = ServletResponse.class.getName() + "_KI_THREAD_CONTEXT_KEY"; |
| |
| /** |
| * {@link org.apache.ki.session.Session Session} key used to save a request and later restore it, for example when redirecting to a |
| * requested page after login, equal to <code>jsecuritySavedRequest</code>. |
| */ |
| public static final String SAVED_REQUEST_KEY = "kiSavedRequest"; |
| |
| |
| /** |
| * Standard Servlet 2.3+ spec request attributes for include URI and paths. |
| * <p>If included via a RequestDispatcher, the current resource will see the |
| * originating request. Its own URI and paths are exposed as request attributes. |
| */ |
| public static final String INCLUDE_REQUEST_URI_ATTRIBUTE = "javax.servlet.include.request_uri"; |
| public static final String INCLUDE_CONTEXT_PATH_ATTRIBUTE = "javax.servlet.include.context_path"; |
| public static final String INCLUDE_SERVLET_PATH_ATTRIBUTE = "javax.servlet.include.servlet_path"; |
| public static final String INCLUDE_PATH_INFO_ATTRIBUTE = "javax.servlet.include.path_info"; |
| public static final String INCLUDE_QUERY_STRING_ATTRIBUTE = "javax.servlet.include.query_string"; |
| |
| /** |
| * Standard Servlet 2.4+ spec request attributes for forward URI and paths. |
| * <p>If forwarded to via a RequestDispatcher, the current resource will see its |
| * own URI and paths. The originating URI and paths are exposed as request attributes. |
| */ |
| public static final String FORWARD_REQUEST_URI_ATTRIBUTE = "javax.servlet.forward.request_uri"; |
| public static final String FORWARD_CONTEXT_PATH_ATTRIBUTE = "javax.servlet.forward.context_path"; |
| public static final String FORWARD_SERVLET_PATH_ATTRIBUTE = "javax.servlet.forward.servlet_path"; |
| public static final String FORWARD_PATH_INFO_ATTRIBUTE = "javax.servlet.forward.path_info"; |
| public static final String FORWARD_QUERY_STRING_ATTRIBUTE = "javax.servlet.forward.query_string"; |
| |
| /** |
| * Default character encoding to use when <code>request.getCharacterEncoding</code> |
| * returns <code>null</code>, according to the Servlet spec. |
| * |
| * @see javax.servlet.ServletRequest#getCharacterEncoding |
| */ |
| public static final String DEFAULT_CHARACTER_ENCODING = "ISO-8859-1"; |
| |
| /** |
| * Return the path within the web application for the given request. |
| * <p>Detects include request URL if called within a RequestDispatcher include. |
| * <p/> |
| * For example, for a request to URL |
| * <p/> |
| * <code>http://www.somehost.com/myapp/my/url.jsp</code>, |
| * <p/> |
| * for an application deployed to <code>/mayapp</code> (the application's context path), this method would return |
| * <p/> |
| * <code>/my/url.jsp</code>. |
| * |
| * @param request current HTTP request |
| * @return the path within the web application |
| */ |
| public static String getPathWithinApplication(HttpServletRequest request) { |
| String contextPath = getContextPath(request); |
| String requestUri = getRequestUri(request); |
| if (StringUtils.startsWithIgnoreCase(requestUri, contextPath)) { |
| // Normal case: URI contains context path. |
| String path = requestUri.substring(contextPath.length()); |
| return (StringUtils.hasText(path) ? path : "/"); |
| } else { |
| // Special case: rather unusual. |
| return requestUri; |
| } |
| } |
| |
| /** |
| * Return the request URI for the given request, detecting an include request |
| * URL if called within a RequestDispatcher include. |
| * <p>As the value returned by <code>request.getRequestURI()</code> is <i>not</i> |
| * decoded by the servlet container, this method will decode it. |
| * <p>The URI that the web container resolves <i>should</i> be correct, but some |
| * containers like JBoss/Jetty incorrectly include ";" strings like ";jsessionid" |
| * in the URI. This method cuts off such incorrect appendices. |
| * |
| * @param request current HTTP request |
| * @return the request URI |
| */ |
| public static String getRequestUri(HttpServletRequest request) { |
| String uri = (String) request.getAttribute(INCLUDE_REQUEST_URI_ATTRIBUTE); |
| if (uri == null) { |
| uri = request.getRequestURI(); |
| } |
| return decodeAndCleanUriString(request, uri); |
| } |
| |
| /** |
| * Decode the supplied URI string and strips any extraneous portion after a ';'. |
| * |
| * @param request the incoming HttpServletRequest |
| * @param uri the application's URI string |
| * @return the supplied URI string stripped of any extraneous portion after a ';'. |
| */ |
| private static String decodeAndCleanUriString(HttpServletRequest request, String uri) { |
| uri = decodeRequestString(request, uri); |
| int semicolonIndex = uri.indexOf(';'); |
| return (semicolonIndex != -1 ? uri.substring(0, semicolonIndex) : uri); |
| } |
| |
| /** |
| * Return the context path for the given request, detecting an include request |
| * URL if called within a RequestDispatcher include. |
| * <p>As the value returned by <code>request.getContextPath()</code> is <i>not</i> |
| * decoded by the servlet container, this method will decode it. |
| * |
| * @param request current HTTP request |
| * @return the context path |
| */ |
| public static String getContextPath(HttpServletRequest request) { |
| String contextPath = (String) request.getAttribute(INCLUDE_CONTEXT_PATH_ATTRIBUTE); |
| if (contextPath == null) { |
| contextPath = request.getContextPath(); |
| } |
| if ("/".equals(contextPath)) { |
| // Invalid case, but happens for includes on Jetty: silently adapt it. |
| contextPath = ""; |
| } |
| return decodeRequestString(request, contextPath); |
| } |
| |
| /** |
| * Decode the given source string with a URLDecoder. The encoding will be taken |
| * from the request, falling back to the default "ISO-8859-1". |
| * <p>The default implementation uses <code>URLDecoder.decode(input, enc)</code>. |
| * |
| * @param request current HTTP request |
| * @param source the String to decode |
| * @return the decoded String |
| * @see #DEFAULT_CHARACTER_ENCODING |
| * @see javax.servlet.ServletRequest#getCharacterEncoding |
| * @see java.net.URLDecoder#decode(String, String) |
| * @see java.net.URLDecoder#decode(String) |
| */ |
| @SuppressWarnings({"deprecation"}) |
| public static String decodeRequestString(HttpServletRequest request, String source) { |
| String enc = determineEncoding(request); |
| try { |
| return URLDecoder.decode(source, enc); |
| } |
| catch (UnsupportedEncodingException ex) { |
| if (log.isWarnEnabled()) { |
| log.warn("Could not decode request string [" + source + "] with encoding '" + enc + |
| "': falling back to platform default encoding; exception message: " + ex.getMessage()); |
| } |
| return URLDecoder.decode(source); |
| } |
| } |
| |
| /** |
| * Determine the encoding for the given request. |
| * Can be overridden in subclasses. |
| * <p>The default implementation checks the request's |
| * {@link ServletRequest#getCharacterEncoding() character encoding}, and if that |
| * <code>null</code>, falls back to the {@link #DEFAULT_CHARACTER_ENCODING}. |
| * |
| * @param request current HTTP request |
| * @return the encoding for the request (never <code>null</code>) |
| * @see javax.servlet.ServletRequest#getCharacterEncoding() |
| */ |
| protected static String determineEncoding(HttpServletRequest request) { |
| String enc = request.getCharacterEncoding(); |
| if (enc == null) { |
| enc = DEFAULT_CHARACTER_ENCODING; |
| } |
| return enc; |
| } |
| |
| /** |
| * Returns the <code>InetAddress</code> associated with the current request, or <code>null</code> if the |
| * address cannot be resolved/determined. |
| * <p/> |
| * This implementation returns the InetAddress resolved from the request's |
| * {@link javax.servlet.ServletRequest#getRemoteHost() remoteHost} value. The returned <code>String</code> |
| * is resolved to an InetAddress by calling |
| * {@link InetAddress#getByName(String) InetAddress.getByName(remoteHost)}. If the remote host is <code>null</code> |
| * or <code>getByName(remoteHost)</code> throws an exception, <code>null</code> is returned. |
| * |
| * @param request the incoming ServletRequest |
| * @return the <code>InetAddress</code> associated with the current request, or <code>null</code> if the |
| * address cannot be resolved/determined. |
| */ |
| public static InetAddress getInetAddress(ServletRequest request) { |
| InetAddress clientAddress = null; |
| //get the Host/IP the client is coming from: |
| String addrString = request.getRemoteHost(); |
| try { |
| clientAddress = InetAddress.getByName(addrString); |
| } catch (UnknownHostException e) { |
| if (log.isInfoEnabled()) { |
| log.info("Unable to acquire InetAddress from ServletRequest", e); |
| } |
| } |
| |
| return clientAddress; |
| } |
| |
| /** |
| * A convenience method that merely casts the incoming <code>ServletRequest</code> to an |
| * <code>HttpServletRequest</code>: |
| * <p/> |
| * <code>return (HttpServletRequest)request;</code> |
| * <p/> |
| * Logic could be changed in the future for logging or throwing an meaningful exception in |
| * non HTTP request environments (e.g. Portlet API). |
| * |
| * @param request the incoming ServletRequest |
| * @return the <code>request</code> argument casted to an <code>HttpServletRequest</code>. |
| */ |
| public static HttpServletRequest toHttp(ServletRequest request) { |
| return (HttpServletRequest) request; |
| } |
| |
| /** |
| * A convenience method that merely casts the incoming <code>ServletResponse</code> to an |
| * <code>HttpServletResponse</code>: |
| * <p/> |
| * <code>return (HttpServletResponse)response;</code> |
| * <p/> |
| * Logic could be changed in the future for logging or throwing an meaningful exception in |
| * non HTTP request environments (e.g. Portlet API). |
| * |
| * @param response the outgoing ServletResponse |
| * @return the <code>response</code> argument casted to an <code>HttpServletResponse</code>. |
| */ |
| public static HttpServletResponse toHttp(ServletResponse response) { |
| return (HttpServletResponse) response; |
| } |
| |
| public static void bindInetAddressToThread(ServletRequest request) { |
| InetAddress ip = getInetAddress(request); |
| if (ip != null) { |
| ThreadContext.bind(ip); |
| } |
| } |
| |
| public static void unbindInetAddressFromThread() { |
| ThreadContext.unbindInetAddress(); |
| } |
| |
| /** |
| * Returns the current thread-bound {@code ServletRequest} or {@code null} if there is not one bound. |
| * <p/> |
| * It is the case in certain enterprise environments where a web-enabled SecurityManager (and its internal mechanisms) |
| * is the primary SecurityManager but also serves as a 'central' coordinator for security operations in a cluster. |
| * In these environments, it is possible for a web-enabled SecurityManager to receive remote method invocations that |
| * are not HTTP based. |
| * <p/> |
| * In these environments, we need to acquire a thread-bound ServletRequest if it exists, but |
| * not throw an exception if one is not found (with the assumption that the incoming call is not a web request but |
| * instead a remote method invocation). This method exists to support these environments, whereas the |
| * {@link #getRequiredServletRequest() getRequiredServletRequest()} method always assumes a |
| * servlet-only environment. |
| * <p/> |
| * <b>THIS IS NOT PART OF APACHE KI'S PUBLIC API.</b> It exists for Apache Ki implementation requirements only. |
| * |
| * @return the current thread-bound {@code ServletRequest} or {@code null} if there is not one bound. |
| * @since 1.0 |
| */ |
| public static ServletRequest getServletRequest() { |
| return (ServletRequest) ThreadContext.get(SERVLET_REQUEST_KEY); |
| } |
| |
| /** |
| * Convenience method that simplifies retrieval of a required thread-bound ServletRequest. If there is no |
| * ServletRequest bound to the thread when this method is called, an <code>IllegalStateException</code> is |
| * thrown. |
| * <p/> |
| * This method is basically a convenient wrapper for the following: |
| * <p/> |
| * <code>(ServletRequest){@link ThreadContext#get ThreadContext.get}( SERVLET_REQUEST_KEY );</code> |
| * <p/> |
| * But throws an <code>IllegalStateException</code> if the value is not bound to the <code>ThreadContext</code>. |
| * <p/> |
| * This method only returns the bound value if it exists - it does not remove it |
| * from the thread. To remove it, one must call {@link #unbindServletRequest() unbindServletRequest} instead. |
| * |
| * @return the ServletRequest bound to the thread. Never returns null. |
| * @throws IllegalStateException if no servlet request is bound in the {@link org.apache.ki.util.ThreadContext ThreadContext}. |
| */ |
| public static ServletRequest getRequiredServletRequest() throws IllegalStateException { |
| ServletRequest request = getServletRequest(); |
| if (request == null) { |
| throw new IllegalStateException("No ServletRequest found in ThreadContext. " + NOT_BOUND_ERROR_MESSAGE); |
| } |
| return request; |
| } |
| |
| /** |
| * Convenience method that simplifies binding a ServletRequest to the current thread (via the ThreadContext). |
| * |
| * <p>The method's existence is to help reduce casting in your own code and to simplify remembering of |
| * ThreadContext key names. The implementation is simple in that, if the servletRequest is not <tt>null</tt>, |
| * it binds it to the thread, i.e.: |
| * |
| * <pre> |
| * if (servletRequest != null) { |
| * ThreadContext.put( SERVLET_REQUEST_KEY, servletRequest ); |
| * }</pre> |
| * |
| * @param servletRequest the ServletRequest object to bind to the thread. If the argument is null, nothing will be done. |
| */ |
| public static void bind(ServletRequest servletRequest) { |
| if (servletRequest != null) { |
| ThreadContext.put(SERVLET_REQUEST_KEY, servletRequest); |
| } |
| } |
| |
| /** |
| * Convenience method that simplifies removal of a thread-local ServletRequest from the thread. |
| * <p/> |
| * The implementation just helps reduce casting and remembering of the ThreadContext key name, i.e it is |
| * merely a conveient wrapper for the following: |
| * <p/> |
| * <code>return (ServletRequest)ThreadContext.remove( SERVLET_REQUEST_KEY );</code> |
| * <p/> |
| * If you wish to just retrieve the object from the thread without removing it (so it can be retrieved later during |
| * thread execution), you should use the {@link #getRequiredServletRequest() getRequiredServletRequest()} method |
| * for that purpose. |
| * |
| * @return the Session object previously bound to the thread, or <tt>null</tt> if there was none bound. |
| */ |
| public static ServletRequest unbindServletRequest() { |
| return (ServletRequest) ThreadContext.remove(SERVLET_REQUEST_KEY); |
| } |
| |
| /** |
| * Returns the current thread-bound {@code ServletResponse} or {@code null} if there is not one bound. |
| * <p/> |
| * It is the case in certain enterprise environments where a web-enabled SecurityManager (and its internal mechanisms) |
| * is the primary SecurityManager but also serves as a 'central' coordinator for security operations in a cluster. |
| * In these environments, it is possible for a web-enabled SecurityManager to receive remote method invocations that |
| * are not HTTP based. |
| * <p/> |
| * In these environments, we need to acquire a thread-bound ServletResponse if it exists, but |
| * not throw an exception if one is not found (with the assumption that the incoming call is not a web request but |
| * instead a remote method invocation). This method exists to support these environments, whereas the |
| * {@link #getRequiredServletResponse() getRequiredServletResponse()} method always assumes a |
| * servlet-only environment. |
| * <p/> |
| * <b>THIS IS NOT PART OF APACHE KI'S PUBLIC API.</b> It exists for Apache Ki implementation requirements only. |
| * |
| * @return the current thread-bound {@code ServletResponse} or {@code null} if there is not one bound. |
| * @since 1.0 |
| */ |
| public static ServletResponse getServletResponse() { |
| return (ServletResponse) ThreadContext.get(SERVLET_RESPONSE_KEY); |
| } |
| |
| /** |
| * Convenience method that simplifies retrieval of a required thread-bound ServletResponse. If there is no |
| * ServletResponse bound to the thread when this method is called, an <code>IllegalStateException</code> is |
| * thrown. |
| * <p/> |
| * This method is basically a convenient wrapper for the following: |
| * <p/> |
| * <code>return (ServletResponse){@link ThreadContext#get ThreadContext.get}( SERVLET_RESPONSE_KEY );</code> |
| * <p/> |
| * But throws an <code>IllegalStateException</code> if the value is not bound to the <code>ThreadContext</code>. |
| * <p/> |
| * This method only returns the bound value if it exists - it does not remove it |
| * from the thread. To remove it, one must call {@link #unbindServletResponse() unbindServletResponse} instead. |
| * |
| * @return the ServletResponse bound to the thread. Never returns null. |
| * @throws IllegalStateException if no <code>ServletResponse> is bound in the {@link ThreadContext ThreadContext} |
| */ |
| public static ServletResponse getRequiredServletResponse() throws IllegalStateException { |
| ServletResponse response = (ServletResponse) ThreadContext.get(SERVLET_RESPONSE_KEY); |
| if (response == null) { |
| throw new IllegalStateException("No ServletResponse found in ThreadContext. " + NOT_BOUND_ERROR_MESSAGE); |
| } |
| return response; |
| } |
| |
| /** |
| * Convenience method that simplifies binding a ServletResponse to the thread via the ThreadContext. |
| * |
| * <p>The method's existence is to help reduce casting in your own code and to simplify remembering of |
| * ThreadContext key names. The implementation is simple in that, if the servletResponse is not <tt>null</tt>, |
| * it binds it to the thread, i.e.: |
| * |
| * <pre> |
| * if (servletResponse != null) { |
| * ThreadContext.put( SERVLET_RESPONSE_KEY, servletResponse ); |
| * }</pre> |
| * |
| * @param servletResponse the ServletResponse object to bind to the thread. If the argument is null, nothing will be done. |
| */ |
| public static void bind(ServletResponse servletResponse) { |
| if (servletResponse != null) { |
| ThreadContext.put(SERVLET_RESPONSE_KEY, servletResponse); |
| } |
| } |
| |
| /** |
| * Convenience method that simplifies removal of a thread-local ServletResponse from the thread. |
| * <p/> |
| * The implementation just helps reduce casting and remembering of the ThreadContext key name, i.e it is |
| * merely a conveient wrapper for the following: |
| * <p/> |
| * <code>return (ServletResponse)ThreadContext.remove( SERVLET_RESPONSE_KEY );</code> |
| * <p/> |
| * If you wish to just retrieve the object from the thread without removing it (so it can be retrieved later during |
| * thread execution), you should use the {@link #getRequiredServletResponse() getRequiredServletResponse()} method |
| * for that purpose. |
| * |
| * @return the Session object previously bound to the thread, or <tt>null</tt> if there was none bound. |
| */ |
| public static ServletResponse unbindServletResponse() { |
| return (ServletResponse) ThreadContext.remove(SERVLET_RESPONSE_KEY); |
| } |
| |
| /** |
| * Redirects the current request to a new URL based on the given parameters. |
| * |
| * @param request the servlet request. |
| * @param response the servlet response. |
| * @param url the URL to redirect the user to. |
| * @param queryParams a map of parameters that should be set as request parameters for the new request. |
| * @param contextRelative true if the URL is relative to the servlet context path, or false if the URL is absolute. |
| * @param http10Compatible whether to stay compatible with HTTP 1.0 clients. |
| * @throws java.io.IOException if thrown by response methods. |
| */ |
| public static void issueRedirect(ServletRequest request, ServletResponse response, String url, Map queryParams, boolean contextRelative, boolean http10Compatible) throws IOException { |
| RedirectView view = new RedirectView(url, contextRelative, http10Compatible); |
| view.renderMergedOutputModel(queryParams, toHttp(request), toHttp(response)); |
| } |
| |
| /** |
| * Redirects the current request to a new URL based on the given parameters and default values |
| * for unspecified parameters. |
| * |
| * @param request the servlet request. |
| * @param response the servlet response. |
| * @param url the URL to redirect the user to. |
| * @throws java.io.IOException if thrown by response methods. |
| */ |
| public static void issueRedirect(ServletRequest request, ServletResponse response, String url) throws IOException { |
| issueRedirect(request, response, url, null, true, true); |
| } |
| |
| /** |
| * Redirects the current request to a new URL based on the given parameters and default values |
| * for unspecified parameters. |
| * |
| * @param request the servlet request. |
| * @param response the servlet response. |
| * @param url the URL to redirect the user to. |
| * @param queryParams a map of parameters that should be set as request parameters for the new request. |
| * @throws java.io.IOException if thrown by response methods. |
| */ |
| public static void issueRedirect(ServletRequest request, ServletResponse response, String url, Map queryParams) throws IOException { |
| issueRedirect(request, response, url, queryParams, true, true); |
| } |
| |
| /** |
| * Redirects the current request to a new URL based on the given parameters and default values |
| * for unspecified parameters. |
| * |
| * @param request the servlet request. |
| * @param response the servlet response. |
| * @param url the URL to redirect the user to. |
| * @param queryParams a map of parameters that should be set as request parameters for the new request. |
| * @param contextRelative true if the URL is relative to the servlet context path, or false if the URL is absolute. |
| * @throws java.io.IOException if thrown by response methods. |
| */ |
| public static void issueRedirect(ServletRequest request, ServletResponse response, String url, Map queryParams, boolean contextRelative) throws IOException { |
| issueRedirect(request, response, url, queryParams, contextRelative, true); |
| } |
| |
| /** |
| * <p>Checks to see if a request param is considered true using a loose matching strategy for |
| * general values that indicate that something is true or enabled, etc.</p> |
| * |
| * <p>Values that are considered "true" include (case-insensitive): true, t, 1, enabled, y, yes, on.</p> |
| * |
| * @param request the servlet request |
| * @param paramName @return true if the param value is considered true or false if it isn't. |
| * @return true if the given parameter is considered "true" - false otherwise. |
| */ |
| public static boolean isTrue(ServletRequest request, String paramName) { |
| String value = getCleanParam(request, paramName); |
| return value != null && |
| (value.equalsIgnoreCase("true") || |
| value.equalsIgnoreCase("t") || |
| value.equalsIgnoreCase("1") || |
| value.equalsIgnoreCase("enabled") || |
| value.equalsIgnoreCase("y") || |
| value.equalsIgnoreCase("yes") || |
| value.equalsIgnoreCase("on")); |
| } |
| |
| /** |
| * Convenience method that returns a request parameter value, first running it through |
| * {@link StringUtils#clean(String)}. |
| * |
| * @param request the servlet request. |
| * @param paramName the parameter name. |
| * @return the clean param value, or null if the param does not exist or is empty. |
| */ |
| public static String getCleanParam(ServletRequest request, String paramName) { |
| return StringUtils.clean(request.getParameter(paramName)); |
| } |
| |
| public static void saveRequest(ServletRequest request) { |
| Subject subject = SecurityUtils.getSubject(); |
| Session session = subject.getSession(); |
| HttpServletRequest httpRequest = toHttp(request); |
| SavedRequest savedRequest = new SavedRequest(httpRequest); |
| session.setAttribute(SAVED_REQUEST_KEY, savedRequest); |
| } |
| |
| public static SavedRequest getAndClearSavedRequest(ServletRequest request) { |
| SavedRequest savedRequest = getSavedRequest(request); |
| if (savedRequest != null) { |
| Subject subject = SecurityUtils.getSubject(); |
| Session session = subject.getSession(); |
| session.removeAttribute(SAVED_REQUEST_KEY); |
| } |
| return savedRequest; |
| } |
| |
| public static SavedRequest getSavedRequest(ServletRequest request) { |
| SavedRequest savedRequest = null; |
| Subject subject = SecurityUtils.getSubject(); |
| Session session = subject.getSession(false); |
| if (session != null) { |
| savedRequest = (SavedRequest) session.getAttribute(SAVED_REQUEST_KEY); |
| } |
| return savedRequest; |
| } |
| |
| |
| } |